- From: Noam Rosenthal via GitHub <sysbot+gh@w3.org>
- Date: Fri, 30 Jun 2023 12:11:17 +0000
- To: public-css-archive@w3.org
Thinking about this again while working on a draft spec, disallowing cross-origin redirects might lead to strange behaviors: - you're on `here.example.com/`, you click `other.example.com` which redirects you to `here.example.com/next`. - No transition, because of cross-origin redirect - you go back, and then forward. Do we run transitions on the back/forward navigations, even though this would expose that there was a cross-origin redirect? What about when calling history.go(-2) and then +2? I guess we could say that history navigations never have this limitation. Also, regarding "it seems bad to expose that there was no in-between page" - it's already exposed by calling `history.length` before and after. So I wonder what the point is with protecting against cross-origin redirect navigations here at all. I can't find too many things that are different when you have a cross-origin redirect, it's mainly about protecting from knowing information about those redirects themselves (e.g. timing information). -- GitHub Notification of comment by noamr Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/8684#issuecomment-1614564153 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Friday, 30 June 2023 12:11:18 UTC